Alaf's answer is a good start. Describing all known attacks on Tor and how they apply to hidden services is a broad task and not really suited for a little text box here. :)
But I'll give you an example. If I run a middle relay (neither a Guard nor an Exit), then I can visit your hidden service over and over and eventually you will use my relay in one of ...

From the criminal complaint, it is fairly clear that this isn't an issue with de-anonymizing Tor. If you look under Volume of Business Activity Reflected on Silk Road Servers, on page 14 it states that on or about July 23, 2013 an image of the SR web server was made and provided to the FBI (presumably by the hosting company.)
They don't mention how they ...

Tor uses fixed cell sizes. The design document states:
Traffic passes along these connections in fixed-size cells. Each cell is 512 bytes, and consists of a header and a payload.
Apart from that no further mixing or randomisation is used:
No mixing, padding, or traffic shaping (yet): Onion Routing originally called for batching and reordering cells as ...

Running a hidden service with safety can be really complicated.
Hidden service administrator has to make sure that no application running on the server can be exploited remotely. Α hidden website may be vulnerable to the same threats every other website is. If the software a server uses to show a website is vulnerable, for example apache server or a ...

Tor's announcement over the matter states:
So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network). The FBI says that their suspect made mistakes in operational security, and was found through actual detective work.
So in answer to your question, no, deanonymization did not play a role.

Deanonymization can happen in three ways:
You write or do something through Tor that can be linked to your real-life identity. For example, you tell people on Tor that you're in a certain time zone, country, or city.
The browser you are using with Tor is leaking information or can be exploited to leak information. For example, you are using the same browser ...

Except for reading through all of the plugin's or the extension's source code, there is unfortunately no way to make sure it is safe.
And some believed-to-be-safe extensions like AdBlock Plus will still reduce your anonymity somewhat compared to other Tor users, by creating a more unique network fingerprint ("this user is the one that doesn't download the ...

The short answer is no. Basically, Tor is susceptible to timing correlation attacks, where someone who is observing the connection going from your client (OP) to the Tor network and also the connection from the Tor network to your destination can tell with fairly high certainty that they are the same connection.
Note that you would need to correlate data ...

"Does Tor still present a threat to the NSA?"
I believe that Tor was never threat to the NSA. There are several layers of 'protection' about Tor, thus several ways to attack users.
The first layer is: software code. NSA software developers can misuse open code to find holes and bugs in the code. We can surely make the presumption that the NSA doesn't have ...

There are a couple of circumstances in which it could be useful that spring to mind.
You wish to prevent your Cellphone Network (AT&T, Verizon, Vodafone etc) from observing any data sent that isn't normally protected - think your web browsing for example.
Android is quite configurable as to what data is sent to Google. You've stated you will be sending ...

No, this approach will not work that simply.
First of all, you've got your targeted user(s). Bob and Alice. You assume the role of Eve (a passive adversary, who can only observe). You know Bob is talking to someone over Tor and you want to discover who. So you hoodwink a confused deputy (this is a polite way of saying "lie to a judge") to get Bob's internet ...

Based on the case reports they were able to trace the SR to him. That does not mean that he was initially found out because of a tor compromise. If such a compromise existed, they would have had to create a parallel construction to hide the fact the compromise existed, which would had been trival once they found their target.
Yes, he may have gotten sloppy, ...

That's a tough one. Anyway, here goes my personal take on this story:
We don't have any extra sources --- all we can do is read The Guardian's article or the one published by the Washington Post, like everybody else.
Even though we have no way to be certain whether the documents referenced in the article are, indeed, genuine, I still highly recommend you ...

Windows 10 has a keylogger embedded, thus all the words, codes, psws that user insert using keyboard could be sent to Windows Servers and to authorities per request.
Does it mean we should use "on screen" keyboard or other alternative input (speech) while using Tor? Unfortunately, Windows 10 has camera-logger embedded as well as microphone-logger embedded ...

No, .onion's are not exempt from DNS leaks.
Since it's possible for people to run local DNS gTLDs, DNS infrastructure will generally respect and dutifully perform lookups for invalid domain names. DNS itself is agnostic to the gTLD being valid or not, with a few exceptions (for example .invalid should always fail).
There is an RFC covering .onion which ...

As Samuel Walker notes, it's probably better than nothing, depending on your circumstances and threat model. You might be interested in the Guardian Rom project. There's a thread at Wilders Security Forums. It was on hold for a while, but seems to be moving again. Here's a quote from a recent update from x942 aka Kyle Davidson:
1) Full disk Encryption and ...

As I understand, when I have a private RSA key and I send this private key to a Tor host and he runs it, I should be able somehow to get his real IP address using this RSA key, isn't that right?
No. The hidden service key is just used for signing stuff. It won't let you decrypt any special information.
If the provider has the private key, it just means ...

Youtube does a lot of crazy stuff. It is not your normal HMTL5 video tag, there was actually some beta feature where you can try to ask google to send you only with Ogg+Theora, but then many of the videos show up as unavailable.
If you look at the video tag itself http://w3schools.com/tags/tag_video.asp You will notice that the tag provides the dimentions, ...

All of those are already dealt with, with the exception of AudioContext which may get a similar treatment as canvas fingerprinting has.
See ticket #13017. Update: Tor Browser 7.0 disabled AudioContext fingerprinting by setting the new dom.webaudio.enabled option to false as a stop-gap measure, so this vector is also no longer fingerprintable by default.
...

It's becoming more and more a necessity to use Tor on mobile devices, so yes it makes sense. Even though there are lots of privacy-anonymity risks with doing so, people could develop solutions over time as more people start using Tor on Android.
You must be very careful and informed about how Android works, what is being sent to internet, etc.
My best ...

@Jens's answer has a great description of current Tor. The Tor-Browser adds some additional defenses, namely:
it enables HTTP pipelining, so that several requests can be sent on the same "batch"
it reorders the packets in that batch and randomly sets its size

Your question is somewhat similar to Getting Tor to randomly use various Country IP's per session.
If you know the name or fingerprint of the node, open the torrc and insert the following line:
EntryNode name
EntryNode $fingerprint
When you restart Tor it will use the entry nodes if avalaible.

To add to what's been said, particularly parts of bobrock's answer, remember that anyone can run a Tor exit node. After traffic has been decrypted on the exit node (as the last stage of onion routing), the data to be forwarded can be seen in the clear (assuming there's no more encryption besides Tor). The NSA can set up a large number of exit nodes, and ...

I defer to Peter Palfrader's aka weasel's excellent answer to the main question, "How safe are Tor users?".
Reading the closing sub-question, "Does Tor still present a threat to the NSA?", I'm wondering whether OP meant to say "Does the NSA still present a threat to Tor users?". The answer for that question is "of course".
Regarding Tor as a threat to the ...

First of all: As far as i know, if you do not compromise the Entry-Relay (Guard), you can not locate the client. So being said, the third case does not result in client de-anonymization.
For the other two cases, in which you have compromised the entry-relay, you will be able to locate the client.
To be a little more specific:
Before there were Entry-Guard ...

An attacker has several methods to find out that you're using Tor.
If you use plain Tor without bridges or other circumvention technology than the IP addresses are known to the world. An attacker just compares the IP addresses you're connecting to with those known Tor IP addresses. If you're connecting to one of those there is a good chance that you're ...